The Perfect Setup - White Box Linux / Red Hat Enterprise Linux 3.0 - Page 4

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.

Submitted by falko (Contact Author) (Forums) on Mon, 2004-03-22 18:19. ::

Postfix

We have to configure Postfix in order to enable SMTP-AUTH and TLS.

First, we generate the certificate files needed for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

<- Enter a password for smtpd.key.

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

<- Again, enter your password for smtpd.key.
<- Enter your Country Name (e.g., "DE").
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. "IT Department").
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<- Enter your Email Address.

The following information is optional:

<- Enter a challenge password.
<- Enter an optional company name.

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

<- Again, enter your password for smtpd.key.

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

<- Again, enter your password for smtpd.key.

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Run the following commands in order to enable SMTP-AUTH and TLS in /etc/postfix/main.cf:

postconf -e 'mydomain = example.com'
postconf -e 'myhostname = server1.$mydomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

mv -f /etc/pam.d/smtp.postfix /etc/pam.d/smtp
/etc/init.d/postfix restart

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system's shell.

Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server you can add the following lines to /var/spool/cron/root (if the file does not exist, create it by running

touch /var/spool/cron/root):

# update time with ntp server
0 3,9,15,21 * * * /usr/bin/rdate 128.2.136.71 | logger -t NTP

Then run

chmod 600 /var/spool/cron/root
/etc/init.d/crond restart

Install the 42go ISP-Manager

If you want to install the 42go ISP-Manager on the system you have to do the following steps because the 42go ISP-Manager does not support White Box Linux / Red Hat Enterprise Linux 3.0 out of the box. But because all paths/settings are similar to those on Red Hat 9 (which is supported by the 42go ISP-Manager) you can make the installer of the 42go ISP-Manager believe that the system is running Red Hat 9:

rm -f /etc/redhat-release

Now create a new file /etc/redhat-release with the following contents: